When an email downloaded using an email application on a mobile device includes an attachment, the attachment typically can be opened in any external application (viewer, editor, etc.) that has registered with the mobile operating system as an application available to open files of that type, e.g., .doc, .pdf, .txt, etc. This way, email applications can hand over the attachment to an external viewer or editor. These external applications make a copy of these attachments in their local data store on the mobile device and also in some cases may copy them to the cloud, resulting in a loss of control over where the documents end up. Similar so-called “leakage” of content data, e.g., from a trusted application to an untrusted one, may occur when other mobile clients are used to download content to a mobile device, e.g., a file server, content management service, etc., such as Microsoft SharePoint®, and content is of a type that untrusted applications on the mobile device may be registered to be used to access.